[CVE-2013-2560] Foscam <= 11.37.2.48 path traversal vulnerability

Posted on Sun 17 March 2013 in Advisory • Tagged with vulnerability, advisory, foscam

Summary

Foscam firmware <= 11.37.2.48 is prone to a path traversal vulnerability in the embedded web interface.

The unauthenticated attacker can access to the entire filesystem and steal web & wifi credentials.

Details

GET //../proc/kcore HTTP/1.0

CVSS Version 2 Metrics

  • Access Vector: Network exploitable
  • Access Complexity …

Continue reading

[CVE-2012-6426] LemonLDAP-NG SAML XML Signature Wrapping

Posted on Sun 17 March 2013 in Advisory • Tagged with vulnerability, advisory, lemonldap

Summary

LemonLDAP-NG <=1.2.2 is prone to a security vulnerability involving XML signature wrapping in authentication process.

Successful exploits may allow unauthenticated attackers to construct specially crafted messages that can be successfully verified and contain arbitrary content.

This may lead to authentication bypass.

Details

Due to a bad use …


Continue reading